Merge pull request #219342 from msakande/GA-updates-network-isolation

update docs for network isolation GA

Author: prmerger-automator[bot]

articles/machine-learning/concept-endpoints.md

@@ -119,11 +119,9 @@ Visual Studio Code enables you to interactively debug endpoints.
 
 :::image type="content" source="media/concept-endpoints/visual-studio-code-full.png" alt-text="Screenshot of endpoint debugging in VSCode." lightbox="media/concept-endpoints/visual-studio-code-full.png" :::
 
-### Private endpoint support (preview)
+### Private endpoint support
 
-Optionally, you can secure communication with a managed online endpoint by using private endpoints. This functionality is currently in preview.
-
-[!INCLUDE [preview disclaimer](../../includes/machine-learning-preview-generic-disclaimer.md)]
+Optionally, you can secure communication with a managed online endpoint by using private endpoints.
 
 You can configure security for inbound scoring requests and outbound communications with the workspace and other services separately. Inbound communications use the private endpoint of the Azure Machine Learning workspace. Outbound communications use private endpoints created per deployment.
 

articles/machine-learning/how-to-network-security-overview.md

@@ -159,9 +159,6 @@ You can enable network isolation for managed online endpoints to secure the foll
 * Inbound scoring requests.
 * Outbound communication with the workspace, Azure Container Registry, and Azure Blob Storage.
 
-> [!IMPORTANT]
-> Using network isolation for managed online endpoints is a __preview__ feature, and isn't fully supported.
-
 For more information, see [Enable network isolation for managed online endpoints](how-to-secure-online-endpoint.md).
 
 ## Optional: Enable public access

articles/machine-learning/how-to-secure-inferencing-vnet.md

@@ -52,7 +52,7 @@ In this article, you learn how to secure inferencing environments (online endpoi
 
 ## Secure managed online endpoints
 
-For information on securing managed online endpoints, see the [Use network isolation with managed online endpoints (preview)](how-to-secure-online-endpoint.md) article.
+For information on securing managed online endpoints, see the [Use network isolation with managed online endpoints](how-to-secure-online-endpoint.md) article.
 
 ## Secure Azure Kubernetes Service
 

articles/machine-learning/how-to-secure-online-endpoint.md

@@ -13,13 +13,11 @@ ms.date: 10/04/2022
 ms.custom: event-tier1-build-2022
 ---
 
-# Use network isolation with managed online endpoints (preview)
+# Use network isolation with managed online endpoints
 
 [!INCLUDE [SDK/CLI v2](../../includes/machine-learning-dev-v2.md)]
 
-When deploying a machine learning model to a managed online endpoint, you can secure communication with the online endpoint by using [private endpoints](../private-link/private-endpoint-overview.md). Using a private endpoint with online endpoints is currently a preview feature.
-
-[!INCLUDE [preview disclaimer](../../includes/machine-learning-preview-generic-disclaimer.md)]
+When deploying a machine learning model to a managed online endpoint, you can secure communication with the online endpoint by using [private endpoints](../private-link/private-endpoint-overview.md).
 
 You can secure the inbound scoring requests from clients to an _online endpoint_. You can also secure the outbound communications between a _deployment_ and the Azure resources it uses. Security for inbound and outbound communication are configured separately. For more information on endpoints and deployments, see [What are endpoints and deployments](concept-endpoints.md#what-are-endpoints-and-deployments).
 
@@ -48,6 +46,8 @@ The following diagram shows how communications flow through private endpoints to
 
 * The Azure Container Registry and Azure Storage Account must be in the same Azure Resource Group as the workspace.
 
+* If you want to use a [user-assigned managed identity](/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities?pivots=identity-mi-methods-azp) to create and manage online endpoints and online deployments, the identity should have the proper permissions. For details about the required permissions, see [Set up service authentication](/azure/machine-learning/how-to-identity-based-service-authentication#workspace). For example, you need to assign the proper RBAC permission for Azure Key Vault on the identity.
+
 > [!IMPORTANT]
 > The end-to-end example in this article comes from the files in the __azureml-examples__ GitHub repository. To clone the samples repository and switch to the repository's `cli/` directory, use the following commands: 
 >
@@ -64,7 +64,7 @@ The following diagram shows how communications flow through private endpoints to
 
 * Secure outbound communication creates three private endpoints per deployment. One to the Azure Blob storage, one to the Azure Container Registry, and one to your workspace.
 
-* Azure Log Analytics and Application Insights aren't supported when using network isolation with a deployment. To see the logs for the deployment, use the [az ml online-deployment get_logs](/cli/azure/ml/online-deployment#az-ml-online-deployment-get-logs) command instead.
+* When you use network isolation with a deployment, Azure Log Analytics is partially supported while Application Insights isn't supported. All metrics and the `AMLOnlineEndpointTrafficLog` table are supported via Azure Log Analytics. `AMLOnlineEndpointConsoleLog` and `AMLOnlineEndpointEventLog` tables are currently not supported. As a workaround, you can use the [az ml online-deployment get_logs](/cli/azure/ml/online-deployment#az-ml-online-deployment-get-logs) CLI command, the [OnlineDeploymentOperations.get_logs()](/python/api/azure-ai-ml/azure.ai.ml.operations.onlinedeploymentoperations#azure-ai-ml-operations-onlinedeploymentoperations-get-logs) Python SDK, or the Deployment log tab in the Azure Machine Learning studio instead. For more information, see [Monitoring online endpoints](how-to-monitor-online-endpoints.md).
 
 * You can configure public access to a __managed online endpoint__ (_inbound_ and _outbound_). You can also configure [public access to an Azure Machine Learning workspace](how-to-configure-private-link.md#enable-public-access).
 
@@ -331,4 +331,4 @@ az group delete --resource-group <resource-group-name>
 - [How to autoscale managed online endpoints](how-to-autoscale-endpoints.md)
 - [View costs for an Azure Machine Learning managed online endpoint](how-to-view-online-endpoints-costs.md)
 - [Access Azure resources with a online endpoint and managed identity](how-to-access-resources-from-endpoints-managed-identities.md)
-- [Troubleshoot online endpoints deployment](how-to-troubleshoot-online-endpoints.md)
+- [Troubleshoot online endpoints deployment](how-to-troubleshoot-online-endpoints.md)

articles/machine-learning/migrate-to-v2-managed-online-endpoints.md

@@ -53,7 +53,7 @@ The upgrade tool will map the CPU/Memory requirement to corresponding SKU. If yo
 > When upgrading from ACI, there will be some changes in how you'll be charged. See [our blog](https://aka.ms/acimoemigration) for a rough cost comparison to help you choose the right VM SKUs for your workload.
 
 ### Network isolation
-For private workspace and VNet scenarios, see [Use network isolation with managed online endpoints (preview)](how-to-secure-online-endpoint.md?tabs=model).
+For private workspace and VNet scenarios, see [Use network isolation with managed online endpoints](how-to-secure-online-endpoint.md?tabs=model).
 
 > [!IMPORTANT]
 > As there are many settings for your workspace and VNet, we strongly suggest that redeploy through the Azure CLI extension v2 for machine learning instead of the script tool.

articles/machine-learning/reference-machine-learning-cloud-parity.md

@@ -64,7 +64,7 @@ The information in the rest of this document provides information on what featur
 | ACI behind VNet                                                            | Public Preview       | NO                 | NO          |
 | ACR behind VNet                                                            | GA       | YES                 | YES          |
 | Private IP of AKS cluster                                                  | Public Preview       | NO                 | NO          |
-| Network isolation for managed online endpoints                             | Public Preview       | NO                 | NO          |
+| Network isolation for managed online endpoints                             | GA       | NO                 | NO          |
 | **Compute** |   | | |
 | [quota management across workspaces](how-to-manage-quotas.md)                                         | GA                   | YES                | YES         |
 | [Kubernetes compute](./how-to-attach-kubernetes-anywhere.md)                                         | GA                   | NO                | NO         |
@@ -177,7 +177,7 @@ The information in the rest of this document provides information on what featur
 | ACI behind VNet                                                            | Preview   | NO        | N/A        |
 | ACR behind VNet                                                            | GA   | YES       | N/A        |
 | Private IP of AKS cluster                                                  | Preview   | NO        | N/A        |
-| Network isolation for managed online endpoints                             | Preview       | NO                 | N/A          |
+| Network isolation for managed online endpoints                             | GA     | NO                 | N/A          |
 | **Compute** |   | | |
 | quota management across workspaces                                         | GA               | YES       | N/A        |
 | [Kubernetes compute](./how-to-attach-kubernetes-anywhere.md)                                         | GA                   | NO                | NO         |

articles/machine-learning/tutorial-create-secure-workspace.md

@@ -475,9 +475,9 @@ When Azure Container Registry is behind the virtual network, Azure Machine Learn
 > [!IMPORTANT]
 > The steps in this article put Azure Container Registry behind the VNet. In this configuration, you cannot deploy a model to Azure Container Instances inside the VNet. We do not recommend using Azure Container Instances with Azure Machine Learning in a virtual network. For more information, see [Secure the inference environment (SDK/CLI v1)](./v1/how-to-secure-inferencing-vnet.md).
 >
-> As an alternative to Azure Container Instances, try Azure Machine Learning managed online endpoints. For more information, see [Enable network isolation for managed online endpoints (preview)](how-to-secure-online-endpoint.md).
+> As an alternative to Azure Container Instances, try Azure Machine Learning managed online endpoints. For more information, see [Enable network isolation for managed online endpoints](how-to-secure-online-endpoint.md).
 
-At this point, you can use studio to interactively work with notebooks on the compute instance and run training jobs on the compute cluster. For a tutorial on using the compute instance and compute cluster, see [Tutorial: Azure Machine Learning in a day](tutorial-azure-ml-in-a-day.md).
+At this point, you can use the studio to interactively work with notebooks on the compute instance and run training jobs on the compute cluster. For a tutorial on using the compute instance and compute cluster, see [Tutorial: Azure Machine Learning in a day](tutorial-azure-ml-in-a-day.md).
 
 ## Stop compute instance and jump box